We have setup a PC with Windows Server 2003 SP2. It is connected to the internet and runs an SVN server.

Since we are no Windows Server people, we do not know how secure an out-of-the-box Windows 2003 SP2 is. The IP is not public. However if the IP is revealed to public by accident, it can be attacked. We are concerned about somebody getting access to the SVN somehow.

What are the most important security measures on a Windows Server ?

Additionally, are there any ways of getting notified when somebody other than us tries to login to the server ?

Additionally, are there any ways of
getting notified when somebody other
than us tries to login to the server ?

Yes by editing the local security policy and auditing account logon events. You can choose to audit successes and failures. After that you simply need to schedule and run a script similar to this one that excludes logins from users you like. If you are new to windwos this might initially be beyond your skillset. Watch An Ounce of Prevention: An Introduction to WMI Events (Level 200) for some background on wmi events. Alternatively you could just care about failed logins (since after reading the toolkit you'll see that you can set the list of users that are allowed to login via local security policy), in which case you might simply want to poll the eventlog on a scheduled basis.

First things first, Windows server is quite secure by default, but for that extra bit of security, I would start by looking at your edge firewall and locking down everything other than the port SVN uses (outgoing if you can, most people only do incoming).

(I think this is only for R2 and above) Next, take a look at the Baseline security program which should allow you to lock the machine down completely.

The most important thing is to get it behind a firewall, even just a NAT router, and only forward the port(s) that actually need to be exposed.

/Edit - just by having a public IP, you can be sure that your machine has already been scanned multiple times. You might want to consider wiping it, rebuilding it behind a firewall, and then making sure that all of the OS updates are applied before you use it again.